From: Sean Christopherson <seanjc@google.com>
To: Xin Li <xin3.li@intel.com>
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org,
pbonzini@redhat.com, corbet@lwn.net, tglx@linutronix.de,
mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com,
x86@kernel.org, hpa@zytor.com, shuah@kernel.org,
vkuznets@redhat.com, peterz@infradead.org,
ravi.v.shankar@intel.com, xin@zytor.com
Subject: Re: [PATCH v2 10/25] KVM: VMX: Add support for FRED context save/restore
Date: Wed, 12 Jun 2024 15:09:02 -0700 [thread overview]
Message-ID: <ZmocflXIH0UUsFzn@google.com> (raw)
In-Reply-To: <20240207172646.3981-11-xin3.li@intel.com>
On Wed, Feb 07, 2024, Xin Li wrote:
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index 264378c3b784..ee61d2c25cb0 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -1420,6 +1420,24 @@ static void vmx_write_guest_kernel_gs_base(struct vcpu_vmx *vmx, u64 data)
> preempt_enable();
> vmx->msr_guest_kernel_gs_base = data;
> }
> +
> +static u64 vmx_read_guest_fred_rsp0(struct vcpu_vmx *vmx)
> +{
> + preempt_disable();
> + if (vmx->guest_state_loaded)
> + vmx->msr_guest_fred_rsp0 = read_msr(MSR_IA32_FRED_RSP0);
> + preempt_enable();
> + return vmx->msr_guest_fred_rsp0;
> +}
> +
> +static void vmx_write_guest_fred_rsp0(struct vcpu_vmx *vmx, u64 data)
> +{
> + preempt_disable();
> + if (vmx->guest_state_loaded)
> + wrmsrl(MSR_IA32_FRED_RSP0, data);
> + preempt_enable();
> + vmx->msr_guest_fred_rsp0 = data;
> +}
This should be unnecessary when you switch to the user return framework.
KERNEL_GS_BASE is a bit special because it needs to be reloaded if the kernel
switches to a different task, i.e. before an exit to userspace.
> @@ -1892,6 +1895,30 @@ static int __kvm_set_msr(struct kvm_vcpu *vcpu, u32 index, u64 data,
> return 1;
>
> data = (u32)data;
> + break;
> + case MSR_IA32_FRED_RSP0 ... MSR_IA32_FRED_CONFIG:
> + if (index != MSR_IA32_FRED_STKLVLS && is_noncanonical_address(data, vcpu))
> + return 1;
> + if ((index >= MSR_IA32_FRED_RSP0 && index <= MSR_IA32_FRED_RSP3) &&
> + (data & GENMASK_ULL(5, 0)))
> + return 1;
> + if ((index >= MSR_IA32_FRED_SSP1 && index <= MSR_IA32_FRED_SSP3) &&
> + (data & GENMASK_ULL(2, 0)))
> + return 1;
> +
> + if (host_initiated) {
> + if (!kvm_cpu_cap_has(X86_FEATURE_FRED))
> + return 1;
> + } else {
> + /*
> + * Inject #GP upon FRED MSRs accesses from a non-FRED guest,
> + * which also ensures no malicious guest can write to FRED
> + * MSRs to corrupt host FRED MSRs.
> + */
Drop the comment, if someone reading KVM code doesn't grok that attempting to
access MSRs that shouldn't exist results in #GP, then a comment probably isn't
going to save them.
This should also be bumped to the top, i.e. do the "does this exist check" first.
Lastly, the direction we are taking is to NOT exempt host-initiated writes, i.e.
userspace has to set CPUID before MSRs. If you base the next version on top of
this series, it should just work (and if it doesn't, I definitely want to know):
https://lore.kernel.org/all/20240425181422.3250947-1-seanjc@google.com
> + if (!guest_can_use(vcpu, X86_FEATURE_FRED))
> + return 1;
> + }
> +
Uh, where does the value go? Oh, this is common code. Ah, and it's in common
code so that VMX can avoid having to make an extra function call for every MSR.
Neat.
> break;
> }
>
> @@ -1936,6 +1963,22 @@ int __kvm_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data,
> !guest_cpuid_has(vcpu, X86_FEATURE_RDPID))
> return 1;
> break;
> + case MSR_IA32_FRED_RSP0 ... MSR_IA32_FRED_CONFIG:
> + if (host_initiated) {
> + if (!kvm_cpu_cap_has(X86_FEATURE_FRED))
> + return 1;
> + } else {
> + /*
> + * Inject #GP upon FRED MSRs accesses from a non-FRED guest,
> + * which also ensures no malicious guest can write to FRED
> + * MSRs to corrupt host FRED MSRs.
> + */
> + if (!guest_can_use(vcpu, X86_FEATURE_FRED))
> + return 1;
> + }
Same comments here.
next prev parent reply other threads:[~2024-06-12 22:09 UTC|newest]
Thread overview: 96+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-07 17:26 [PATCH v2 00/25] Enable FRED with KVM VMX Xin Li
2024-02-07 17:26 ` [PATCH v2 01/25] KVM: VMX: Cleanup VMX basic information defines and usages Xin Li
2024-02-07 17:26 ` [PATCH v2 02/25] KVM: VMX: Cleanup VMX misc " Xin Li
2024-02-07 17:26 ` [PATCH v2 03/25] KVM: VMX: Add support for the secondary VM exit controls Xin Li
2024-04-19 10:21 ` Chao Gao
2024-02-07 17:26 ` [PATCH v2 04/25] KVM: x86: Mark CR4.FRED as not reserved Xin Li
2024-04-19 10:22 ` Chao Gao
2024-06-12 21:12 ` Sean Christopherson
2024-06-13 3:27 ` Li, Xin3
2024-02-07 17:26 ` [PATCH v2 05/25] KVM: VMX: Initialize FRED VM entry/exit controls in vmcs_config Xin Li
2024-04-19 10:24 ` Chao Gao
2024-02-07 17:26 ` [PATCH v2 06/25] KVM: VMX: Defer enabling FRED MSRs save/load until after set CPUID Xin Li
2024-04-19 11:02 ` Chao Gao
2024-06-12 21:19 ` Sean Christopherson
2024-06-13 3:31 ` Li, Xin3
2024-02-07 17:26 ` [PATCH v2 07/25] KVM: VMX: Set intercept for FRED MSRs Xin Li
2024-04-19 13:35 ` Chao Gao
2024-04-19 17:06 ` Li, Xin3
2024-06-12 21:32 ` Sean Christopherson
2024-09-05 17:09 ` Xin Li
2024-09-12 20:05 ` Sean Christopherson
2024-09-18 8:35 ` Xin Li
2024-09-25 14:12 ` Sean Christopherson
2024-09-25 22:13 ` Xin Li
2024-09-27 17:48 ` Xin Li
2024-09-30 16:56 ` Sean Christopherson
2024-06-12 21:20 ` Sean Christopherson
2024-02-07 17:26 ` [PATCH v2 08/25] KVM: VMX: Initialize VMCS FRED fields Xin Li
2024-04-19 14:01 ` Chao Gao
2024-04-19 17:02 ` Li, Xin3
2024-06-12 21:41 ` Sean Christopherson
2024-02-07 17:26 ` [PATCH v2 09/25] KVM: VMX: Switch FRED RSP0 between host and guest Xin Li
2024-04-19 14:23 ` Chao Gao
2024-04-19 16:37 ` Li, Xin3
2024-06-12 21:53 ` Sean Christopherson
2024-07-10 15:51 ` Li, Xin3
2024-07-12 15:12 ` Sean Christopherson
2024-07-12 16:15 ` Li, Xin3
2024-07-12 16:27 ` Sean Christopherson
2024-07-12 17:17 ` Li, Xin3
2024-07-12 19:30 ` Sean Christopherson
2024-07-17 17:31 ` Li, Xin3
2024-07-18 13:59 ` Sean Christopherson
2024-07-18 17:44 ` Li, Xin3
2024-07-18 21:04 ` H. Peter Anvin
2024-07-19 15:59 ` Sean Christopherson
2024-07-21 18:09 ` Li, Xin3
2024-02-07 17:26 ` [PATCH v2 10/25] KVM: VMX: Add support for FRED context save/restore Xin Li
2024-04-29 6:31 ` Chao Gao
2024-06-12 22:09 ` Sean Christopherson [this message]
2024-02-07 17:26 ` [PATCH v2 11/25] KVM: x86: Add kvm_is_fred_enabled() Xin Li
2024-04-29 8:24 ` Chao Gao
2024-05-11 1:24 ` Li, Xin3
2024-05-11 1:53 ` Chao Gao
2024-06-12 22:13 ` Sean Christopherson
2024-06-13 16:55 ` Sean Christopherson
2024-02-07 17:26 ` [PATCH v2 12/25] KVM: VMX: Handle FRED event data Xin Li
2024-04-30 3:14 ` Chao Gao
2024-05-10 9:36 ` Li, Xin3
2024-05-11 3:03 ` Chao Gao
2024-06-12 23:31 ` Sean Christopherson
2024-06-13 5:29 ` Chao Gao
2024-06-13 17:57 ` Sean Christopherson
2024-06-12 22:52 ` Sean Christopherson
2024-06-13 16:57 ` Sean Christopherson
2024-06-13 18:02 ` Li, Xin3
2024-02-07 17:26 ` [PATCH v2 13/25] KVM: VMX: Handle VMX nested exception for FRED Xin Li
2024-04-30 7:34 ` Chao Gao
2024-06-13 17:01 ` Sean Christopherson
2024-02-07 17:26 ` [PATCH v2 14/25] KVM: VMX: Disable FRED if FRED consistency checks fail Xin Li
2024-04-30 8:21 ` Chao Gao
2024-06-13 18:00 ` Sean Christopherson
2024-02-07 17:26 ` [PATCH v2 15/25] KVM: VMX: Dump FRED context in dump_vmcs() Xin Li
2024-04-30 9:09 ` Chao Gao
2024-06-12 23:55 ` Sean Christopherson
2024-02-07 17:26 ` [PATCH v2 16/25] KVM: VMX: Invoke vmx_set_cpu_caps() before nested setup Xin Li
2024-02-07 17:26 ` [PATCH v2 17/25] KVM: nVMX: Add support for the secondary VM exit controls Xin Li
2024-06-13 18:11 ` Sean Christopherson
2024-02-07 17:26 ` [PATCH v2 18/25] KVM: nVMX: Add a prerequisite to SHADOW_FIELD_R[OW] macros Xin Li
2024-06-13 18:16 ` Sean Christopherson
2024-02-07 17:26 ` [PATCH v2 19/25] KVM: nVMX: Add FRED VMCS fields Xin Li
2024-06-13 18:29 ` Sean Christopherson
2024-02-07 17:26 ` [PATCH v2 20/25] KVM: nVMX: Add support for VMX FRED controls Xin Li
2024-02-07 17:26 ` [PATCH v2 21/25] KVM: nVMX: Add VMCS FRED states checking Xin Li
2024-02-07 17:26 ` [PATCH v2 22/25] KVM: x86: Allow FRED/LKGS/WRMSRNS to be exposed to guests Xin Li
2024-06-13 18:31 ` Sean Christopherson
2024-02-07 17:26 ` [PATCH v2 23/25] KVM: selftests: Run debug_regs test with FRED enabled Xin Li
2024-02-07 17:26 ` [PATCH v2 24/25] KVM: selftests: Add a new VM guest mode to run user level code Xin Li
2024-02-07 17:26 ` [PATCH v2 25/25] KVM: selftests: Add fred exception tests Xin Li
2024-03-29 20:18 ` Muhammad Usama Anjum
2024-03-29 20:18 ` Muhammad Usama Anjum
2024-04-24 16:08 ` Sean Christopherson
2024-03-27 8:08 ` [PATCH v2 00/25] Enable FRED with KVM VMX Kang, Shan
2024-06-13 18:38 ` Sean Christopherson
2024-06-14 0:52 ` Li, Xin3
2024-04-15 17:58 ` Li, Xin3
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZmocflXIH0UUsFzn@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=kvm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=ravi.v.shankar@intel.com \
--cc=shuah@kernel.org \
--cc=tglx@linutronix.de \
--cc=vkuznets@redhat.com \
--cc=x86@kernel.org \
--cc=xin3.li@intel.com \
--cc=xin@zytor.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).